TrustBar helps improve security for Web users… How?

Currently, browsers have very limited security indicators, consisting mainly of
a padlock icon displayed in the status bar of protected sites. Most users are
not aware of this indicator, and certainly not of how to use it. Security
experts know: the padlock indicates that the connection between the browser and
the server is protected under the SSL (or TLS) security protocol, which
encrypts the traffic and authenticates the identity of the server. The
authentication part is tricky (yet critical): how can the browser authenticate
a site? Technically, the solution is based on complex mechanisms – public key
cryptography, digital certificates, etc. – but we do not need to discuss these
to understand the implications. Namely: with SSL, the site essentially presents
to the browser an 'affidavit' (called a certificate) from an entity (called a
certificate authority) that has identified the site; the affidavit contains the
identity of the site and keys that allow the browser to validate that the site
is the right one.

TrustBar displays this information in a simple, concise way, e.g.: 'Gmail
identified by VeriSign'. The first identifier (e.g. Gmail) is the name, logo or
domain name of the site; the second identifier is that of the entity that
actually authenticated it (e.g. VeriSign, which is currently the largest
Certificate Authority – the technical term for companies providing these
identification services). The user can assign her own favorite name or
logo/icon to each site (even unprotected sites – although this does not protect
them…). This makes it much easier for users to detect spoofed (fake) sites,
which will usually be unprotected and, even if protected, will not be able to
display the fake identity (as identified by any credible authority).

TrustBar also helps improve security in a few other ways:

· TrustBar includes a button labeled 'Hey!' which users should click when they
reach a page which they suspect to be fraudulent. The TrustBar team will confirm
these reports and block such fraud sites automatically.

· TrustBar will also, by default, sometimes present your real sites _as_if_
they were cloned by an attacker. The sites are not changed in any way, so there
is no real loss in security; but every user-visible indicator of security is
removed, so that a fake site could have looked exactly like this 'simulated
attack' site. Users should detect such attacks by noting that their login site
is suddenly unprotected, does not have the logo or name they assigned to it, or
uses a different address (URL/location). As mentioned above, if a user detects
such a fake site, she should press 'Hey!'; in emulated attacks, users are
informed that they indeed detected an 'emulated fake' site (if they press
Hey!), or are warned that they should have detected it (if they do not press
Hey!).

· Users can also use 'Hey!' to report sensitive sites, e.g. login pages, which
are not protected using SSL/TLS. We use these reports to warn the site, add it
to our Hall of Shame, and also inform all TrustBar installations. In
particular, for many of the unprotected login sites, there is an equivalent
login site which _is_ protected. As of version 0.4.9.93, TrustBar will, by
default, automatically redirect users accessing the unprotected site to the
protected one. TrustBar also checks unprotected sites to which the user
assigned a name/logo for changes; sites which do not change for a while are
marked with 'same since <date>', and users are warned when they change.

4)Open the saved file from FireFox, by the
File->Open file menu command, selecting the downloaded file.

5) A dialog opens, with a warning saying that the extension is not signed…
Thawte kindly gave us a code signing certificate, but we are still trying to
get FireFox's signing software to accept it – so currently, TrustBar is indeed
not signed. To complete installation, click 'Install Now'.

6)Finally, close and re-open FireFox… and
you are done – TrustBar installed!!

7) You may want to use FireFox's menu 'View -> Toolbars -> Customize', which
will allow you to place the TrustBar elements on other bars, e.g. the location
or menu bar, and then you can deselect the TrustBar bar to save the space. We
plan to make this the default in a later version, as it seems almost all users
prefer to use TrustBar on the location (or menu) bar.

Note: TrustBar is also available from the Mozilla
Update site, but there is a problem preventing us from updating the version
there…

Uninstalling TrustBar: If you find TrustBar is not helpful, you can easily
remove it as follows. We also welcome your feedback, so we can try to improve
TrustBar. To uninstall, use the FireFox menu command Tools -> Extensions; you
will see a list of extensions installed on your browser. Select TrustBar and
click the 'uninstall' button. Now, close and open FireFox… and you are done –
TrustBar removed!

BUGS…
See or report bugs in the TrustBar bug list in Bugzilla. We are working on a
reported bug on Mac OS X and FreeBSD; please do not install on these platforms
at this time.

You can rate TrustBar, and comment, using the Mozilla Update Form. Currently,
you must give a rating, and we cannot properly respond and remove outdated
notes (e.g. due to fixed bugs). Therefore, please use the other channels
(above) for bugs, discussions, etc.

If you can code… help us port TrustBar to additional browsers, or review the
source code!

www.phishreport.net by
WholeSecurity – a network collecting and distributing reports of spoofed
sites. TrustBar includes a collection mechanism for reporting suspect
(e.g. spoofed) sites, and will soon use the collected information to
automatically warn its users. We also plan to share that information
freely with other collectors, but probably will not receive it from
WholeSecurity, since they charge 15,000$ (currently) for this service.

Commercial 'identification toolbars': www.callingID.com, Comodo's TrustToolBar,
NetCraft's bar, http://fraudeliminator.com, GeoTrust TrustWatch - mostly for IE
(NetCraft and FraudEliminator support FireFox). These bars present
identification information from the certificate (like TrustBar, for protected
sites), from WhoIs and from other databases. But they do not show the entity
responsible for identifying the site, which is critical imho – not all of the
dozens of entities trusted by the browser are to be equally trusted! These bars
also claim to warn against fraud sites based on a black-list database and on
heuristic analysis of the page; I tried them on a fake PayPal site that one of
our users detected, which btw is easily detected with TrustBar - all but
Comodo's failed to detect it – of course this is not a sufficient test.
[I've informed PayPal]

A popular bar for both IE and FF is SpoofStick. It simply/mainly displays the
domain name – but really nicely and visibly.

Another cool FireFox extension: http://petname.mozdev.org – focused on
'pet-naming' a site, i.e. allowing users to define their own name for each
site. TrustBar also allows 'pet-naming'; in version 0.4, we adopted petname's
user interface for this (a text box in the menu rather than a pop-up dialog).
There are still some differences, of course, and you may want to compare.

TrustBar assumes a 'trusted path' between itself and the user, i.e. that an
attacker cannot overwrite TrustBar's UI, remove it, or display a window which
appears to be a browser window with TrustBar but in fact is completely
adversary-controlled (without TrustBar). Furthermore, it assumes that the
attacker cannot disable TrustBar or change its databases. Complementary tools
should be used to guarantee the trusted path. This includes operating system
security (e.g. to prevent changing TrustBar's databases) and browser security
(e.g. to prevent an attacker from modifying or removing TrustBar). One
interesting proposal for creating a 'trusted path' from browser to user is
presented in the SecuritySkins paper.